raito
f4588aff2b
feat: listen on Gerrit events and rewrite them as generic VCS events
This introduces the private SSH key for Gerrit event streaming.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-12-16 01:25:53 +01:00
raito
bb7d5c1c7d
chore: re-encrypt rabbitmq password
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-12-15 17:25:35 +01:00
raito
47b713ca58
feat: introduce ofborg builder
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-12-15 16:51:45 +01:00
raito
decc9963ee
feat: add buildbot.lix.systems
This introduces a new Buildbot instance using all the previous work.
This is a "Raito's VM" hardware type.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-06 11:53:25 +02:00
raito
160e7c5ecb
fix(secrets): rekey for buildbot.lix.systems and build02.aarch64.lix.systems
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-06 11:52:37 +02:00
raito
3df1697289
fix(secrets): rekey the monitoring password
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-06 11:28:29 +02:00
raito
92560708b8
feat: multi-tenant secrets
Lix may have its own secrets and we want to maintain a certain
generalization level on the NixOS modules, so we can decorrelate which
secret we select dynamically by having a simple tenancy hierarchy
system.
This unfortunately requires rewriting all call sites with a floral
prefix until we migrate them to the simple internal secret module which
is aware of this.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-10-06 08:10:44 +00:00
raito
4749d204bf
feat: add stateless-uptime-kuma-password secret
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-09-29 16:01:23 +02:00
raito
9a04ef909b
feat(nixpkgs): run oxidized channel scripts
We don't need weird Perl scripts where we are going. Here's a streaming
channel-scripts deployment with plenty of bells, including OTLP.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-08-31 19:32:23 +02:00
Ilya K
c1712dc1fa
Set up tempo
2024-08-31 15:05:30 +03:00
raito
9063138156
feat(secrets): add s3 reverse proxy API keys
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-08-31 00:19:49 +02:00
raito
ac7815321a
feat(pyroscope): add secrets and storage
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-08-23 20:58:08 +02:00
raito
bf1b8d4d19
secrets: rekey for public01 access to metrics
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-08-21 16:45:12 +02:00
raito
58c0dd3d2e
feat(public): add listmonk instance on news.forkos.org
To prepare for public communications and updates.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-08-21 16:45:12 +02:00
Pierre Bourdon
5fdce0e2b5
hydra: move from bagel-box to build-coord
2024-08-16 09:03:29 +02:00
Pierre Bourdon
c33326f836
hydra: switch to using mTLS instead of local peer auth
2024-08-16 08:19:18 +02:00
Pierre Bourdon
0dd333c573
postgres: add mTLS support
New client certs can be minted via the provided script, which is meant
to be run on the postgres server (where the CA private key is
conveniently deployed).
2024-08-16 07:59:12 +02:00
Pierre Bourdon
37bcb261ab
ssh-keys: add build-coord, rekey secrets
2024-08-13 22:36:30 +02:00
Ilya K
f8cad42b5c
Set up alertmanager-hookshot-adapter
2024-08-09 14:03:56 +00:00
raito
80c4757571
gerrit01: add a one-way-sync service
It's basic and does not handle conflicts, which need to be manually
managed.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-07-19 17:52:44 +02:00
raito
da7175303c
buildbot: add support for remote builders via baremetal machines
For now, only builder-3 is used.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-07-17 18:28:26 +02:00
raito
a56426e6c9
secrets: rekey for new machine (buildbot)
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-07-17 18:00:51 +02:00
raito
7789e9ce75
services/buildbot: init
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-07-17 18:00:51 +02:00
Luke Granger-Brown
2b8f42dcda
secrets: add gerrit-prometheus-bearer-token
2024-07-15 11:02:54 +00:00
Pierre Bourdon
f74d1ca0f6
hydra: start signing paths
2024-07-10 17:34:57 +02:00
Ilya K
787b3af638
Add wob-vpn-gw key, rekey metrics push password for it
2024-07-10 15:13:05 +03:00
Pierre Bourdon
afaf49eb97
secrets: rekey
2024-07-10 01:05:05 +02:00
raito
3828721e4f
services/netbox: enable OIDC via Lix SSO
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-07-09 02:45:58 +02:00
Ilya K
563e0685d4
Metrics fixups
- fix grafana-agent config format
- rekey metrics-push-password for fodwatch
2024-07-08 10:01:25 +03:00
Ilya K
40ba3c4ae7
Prepare for remote push metrics
2024-07-08 09:33:59 +03:00
Ilya K
2441d18f17
Add Loki + Promtail setup
2024-07-05 16:10:31 +00:00
Ilya K
63b31e98cf
Add Grafana/Prometheus/Mimir minimal setup
More later, Loki also later.
2024-07-05 16:10:31 +00:00
Pierre Bourdon
bf8fe65f9f
bagel-box: update ssh host key & rekey
2024-07-04 13:59:18 +02:00
raito
e3f3c87c0d
meta01: init
Includes:
- Raito VM module
- Raito proxy aware NGINX module
- Base server module
- Sysadmin module
- New SSH keys
- Netbox module
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-07-01 19:40:37 +02:00
Pierre Bourdon
73aecaef41
hydra: provide S3 and SSH credentials (via agenix)
2024-06-24 20:59:19 +02:00
Pierre Bourdon
04bd33e32c
infra: add agenix, add s3 credentials
2024-06-24 18:03:20 +02:00